As Tom and Mrs. Compliance Evangelist trek to Ann Arbor MI to attend his law school reunion, Go Blue and watch the Wolverines trounce Nebraska and enjoy some cool autumn weather, he and Jay are back with a look at some of the week’s top compliance and ethics stories.

  1. Due diligence is not a nice to have, it’s a mandatory. Scott Shaffer explains in the FCPA Blog.
  2. Kavanaugh and compliance? Matt Kelly considers in Radical Complaince. Tom and Matt explore in this week’s Compliance into the Weeds.
  3. Why does a law firm admit its internal investigation was designed to be a whitewash (in the internal investigation report)? More on the very strange Dansk Bank money laundering imbroglio. Patricia Kowsmann and Drew Hinshaw report in the Wall Street Journal. Tom dishes on the FCPA Compliance and Ethics Blog.
  4. Mark Cuban makes $10MM donation. Is it enough to make up for 15 years of toxic corporate culture of sexual abuse and harassment? Kaelne Jones reports in Sports Illustrated.
  5. Big oil on trial in the UK. What will be the fallout? Mara Lemos Stein reports in the WSJ Risk and Compliance Journal.
  6. KPMG study finds slow adoption of tech in compliance. See full report here.
  7. Matthew Stephenson continues his two-part consideration of the Hoskins decision. In the Global Anti-Corruption Blog.
  8. SEC proposal to limit whistleblower awards draws withering criticism from commentary period. Sam Rubenfeld reports in the WSJ Risk & Compliance Journal.
  9. Want the top compliance training from the guy who wrote the book on compliance? Tom will put on a Compliance Master Class in Boston, September 25 & 26, hosted by Affiliated Monitors. Registration and information, click here.
  10. Want a 50% discount to one of the top compliance conferences around? Join Tom and AMI’s Eric Feldman at CONVERGE18 in Denver on October 9-11. I hope you can join me at the event. For information on the event, click here. As an extra benefit to fans of This Week in FCPA, CONVERGE18 is offering a 50% discount off the registration Enter discount code TOMFOXVIP.
  11. In this week’s podcast series I internview Rebecca Turco and Paul Johns from SAI Global on their current innovations in compliance learning. Part 1-the changing marketplace; Part 2-adaptive learning; Part 3-EthicsAnywhere; Part 4-trends in compliance; and Part 5-integrated risk management.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Over this podcast series I have been visiting with Paul Johns, Chief Marketing Officer, and Rebecca Turco, Vice President of Learning, both at SAI Global, the sponsor of this podcast series. We have been discussing the changes in ethics and compliance (E&C) learning and how a more technology-based learning solution can help move your company to a more effective and  more operationalized best practices compliance program. In this final episode, I visit with Paul Johns on the need for an integrated approach to risk management.

One of the primary reasons why an integrated approach to risk management is mandatory in today’s business environment is the increasing amount and complexity of risk which every company and, indeed, every Chief Compliance Officer (CCO) face. Moreover, social media has amplified every action and reaction both in terms of signal strength and speed of dissemination and communication. New risks include the parties you are working with down the line to 3rd, 4thand 5thlevel suppliers and sales representatives. Obviously cyber risks are greatly increased as well. From consumers or customers, however, the calculation is strikingly simple – did your company do the right thing?

It is only through an integrated risk management strategy that you can being to prepare your company to do business in the modern world. Such a strategy includes (1) forecasting, (2) risk assessment, (3) risk-based monitoring and (4) feedback of information gleaned from your monitoring into your risk strategy going forward. Yet it is more than the risk management process; it is using each part of your compliance program to develop information which can make your overall risk management strategy more robust.

While this five-part series has focused largely on compliance and ethics training, consider how an integrated approach to risk management works even with training. As Turco noted regarding adaptive learning, it is designed to focus on “making sure the learners are getting the content and relevant information that they need within any piece of content. It begins with asking questions about where they work and whether they interact with government officials. From there, it moves to serve up content to the employee which is meaningful, that helps them start to see what risks are in their area.” By asking questions to deliver an appropriate training solution, you begin to develop information about the state of your compliance program. If you are weak in some areas, you may wish to engage in remediation. If you strong in other areas, you can use those employees as Compliance Ambassadors within your organization to be a resource to other employees.

Johns tied this concept to your overall risk management strategy by noting it is only as strong as the weakest link. In the area of compliance training, this means if you have a high employee turnover, as is common in retail companies, your annual Code of Conduct training may not be sufficient to catch all employees every year. Moreover, if such training is run out of Human Resources (HR), the compliance function and hence senior management and the Board of Directors may not even be aware of this gap. But you may not even be aware of this gap unless you ask questions or consider what the data is telling you.

Some other questions Johns posed in the context of an integrated risk management strategy are if your company moves to a new geographic region or opens a new sales line, have all of your policies and procedures been updated to reflect this change in your risk profile? Has anyone considered such a move from the risk perspective? Are you even assessing such risks before product implementation or change in sales strategy? From the Board and Chief Executive Officer (CEO) perspective, have they been presented with an integrated risk report from which they can even begin to assess the risk in front of them? Your sales model will directly impact your risk under anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA). Third-party risks are still the highest risks under the FCPA. However, an employee-based sales strategy also presents risks, albeit a different set of risks. (Consider GSK in China.)

Another interesting reflection from Johns was that with the more flexible nature of a workforce, including those on flex time, working from home, working during a commute and those who are essentially on 24-hour call; these innovations in working conditions demand an innovation in ways that training and ongoing communications are delivered. This means a company should have a mobile platform for learning and communication that can deliver its messages to employees when and how they want (and need) to consume it. This also ties into questions about not only content but the technology you use to deliver that content. When was the last time you considered the technology you are using in terms of the best manner to deliver the appropriate content?

Johns concluded with quite an interesting observation on the role of compliance and risk management. It is to become the new Praetorian Guards, which is to say put a ring around the senior executives to protect them. (Note – I am a fan of the Alamo analogy articulated by Chuck Duross but then again, all the defenders at the Alamo died.) He also alluded to the offensive nature of the Praetorian Guard. This also ties more closely into how a more fully operationalized compliance program makes a business run more efficiently and at the end of the day, more profitably.

In this episode of the CONGERGE18 Preview Podcasts series, I visit with Susan du Becker, Global Compliance Enablement at Cisco Systems. We discuss some of her strategies for breaking down silos to facilitate compliance training. Some of the issues we tackle in this podcast are:

  • How compliance and ethics has moved to a must have corporate discipline.
  • What are the most important ‘care-abouts’ for your company’s workforce?
  • Every different elements do you have to work with in each country you do business for your compliance training?

In what is fast becoming one of the top ethics and compliance conferences around, I hope you can join me at CONVERGE18, hosted by Convercent. This year’s event will be October 8-11 at the Omni in Broomfield, Colorado. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

With the acceleration of the speak up culture and organizational accountability that social media is enabling and amplifying, companies need to incorporate integrity into every level of the organization. CONVERGE18 will help you do just that by addressing this ethical transformation head-on. Get the insights, information and solutions you need to put ethics into action. Join compliance executives from Salesforce, Kimberly Clark, Avis, U.S. Bank, AARP, Wells Fargo, Cheesecake Factory and many others to:

  • Network with 300 of your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Gain insights from 35 speakers including Ethics and Compliance advocate Hui Chen, ECI’s CEO Pat Harned, NBA’s Deputy Chief Compliance Officer Steph Vogel, President at OCEG Carole Switzer and more.
  • Bring actionable takeaways back to your program from various session types including 2 keynotes, 5 general sessions, 12 discussion-based roundtables, 18 interactive breakout sessions for you to listen, learn and share.
  • The goal of CONVERGE18 is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to readers of this blog, CONVERGE18 is offering a 50% discount off the registration price. Enter discount code TOMFOXVIP.

CONVERGE18 is a production of Convercent, which is the sponsor of this podcast series.

Over this series I have been visiting with Paul Johns, Chief Marketing Officer, and Rebecca Turco, Vice President of Learning, both at SAI Global, the sponsor of this podcast series. We are discussing the changes in ethics and compliance learning (E&C) and how a more technology-based learning solution can help move your company to a more effective and more operationalized best practices compliance program. In Part IV, I visit with Rebecca Turco on the current trends she is seeing in culture, ethics and compliance (E&C) and where it all may be headed.

We began the discussion with adaptive learning, which is more of a personalization way to learn. It is key for the compliance ethics discipline because adaptive learning “really looks at how do we differentiate the content for the learners? How do we start to serve up content that’s relevant based on role or region? How do we help learners?” Adaptive learning is designed to focus on “making sure the learners are getting the content and relevant information that they need within any piece of content. It begins with asking questions about where they work and whether they interact with government officials. From there, it moves to serve up content to the employee which is meaningful, that helps them start to see what risks are in their area. It also allows content designers to be able to give them a personalization to the training experience that is more meaningful than just kind of a one size fits all.”

Another key usefulness of this approach is that it does not reinvent training for employees who do not need it. This comes from “giving people credit for understanding risks, giving them the ability to kind of test out, by asking them a series of questions and if they know the answers, they may know what their risks are and they can move to a level at which they do not know the answers. You do not need to train employees in areas where they have demonstrated competency. This gives companies the opportunities to really think about their program and differentiate the ethics and compliance training of their compliance program.” Turco concluded, “in the world today, people are looking for compliance training that is as short and sweet as possible, getting to the relevant pieces of information.”

Another innovation in E&C learning has been around the concept of branching. Turco explained this is building out different scenarios. She provided an example of training about “a security breach. Things happen on a video and the learner is watching them unfold. By using adaptive technology you can require the learner to pick out the hotspot where they would see a risk or something being violated. From there the video would branch off into different scenarios based on what you decide because that’s real life. It is not the first decision that causes an ethical breach or a security breach. It’s for decisions down the road. That’s the hard part in training to get right because it is not always just as black and white as is the conflict of interest might lie.”

We next turned to the area of the effectiveness of compliance training, which, Turco said, “is the key story for compliance”. Interestingly, Turco said the first question asked is about the content of the training, not the data around this issue. She explained, “you can collect as much data as you want for any, any reason but if the content you are writing and designing for the training is not meaningful, then the data you’re getting isn’t meaningful.” (as fine a definition of GIGO as I have ever heard.) She said that a company must really think about data and how to use it to make your program smarter and to make you understand where the risks are in your organization.

Effectiveness then starts with building content with thought provoking questions in the presentation. This leads to scenarios which ask the learner, “what do you think?” From there you can begin collecting the data from their responses and start to analyze it on the back end. This can give you trends about whether there is a disconnect in your written Code of Conduct, policies and procedures and how business is operationalized in the field.  With this data, an organization can start to target campaigns to that team around that risk area identified. Turco pointed to one example where a company was able to demonstrate through this approach a training competency and effectiveness increase from 20% to 80% in one year.

Your goal should be that the needle is moving and your organization is providing employees the tools in order to make sure they have the knowledge and the competency to not only pass that assessment but also understand those risks in the business. This is far beyond the “check the box” method of training. With the speed of current day corporate decision making in the field and the pressure your sales teams are under to meet goals, timelines and deadlines; you need to provide training to meet these business realities. Once you understand that, then you can start to understand how to provide your employees effective training.

Turco concluded by noting that your training should aid in the decision-making process when the teams are under pressure; whether that be sales pressure, pressure due to a high-risk region or other. Turco said, “How do you make sure that when they’re under that pressure, they will know exactly what to do?” The data collected from the training process can help identify risks, provide the opportunity to help employees understand more and drive training or campaigning around risks.

 

In this episode of the CONGERGE18 Preview Podcasts series, I visit with Amy Much, Ethics and Compliance Officer at Under Armor. We discuss some her presentation at Converge18 “Learn From My Mistakes, Fits and Starts When Building a New C&E Program”. Some of the issues we tackle in this podcast are:

  • How some of your most valuable lessons come from your mistakes.
  • No one person can know all the cultural elements in your company.
  • No ethics and compliance program should operate in a vacuum.

In what is fast becoming one of the top ethics and compliance conferences around, I hope you can join me at CONVERGE18, hosted by Convercent. This year’s event will be October 8-11 at the Omni in Broomfield, Colorado. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

With the acceleration of the speak up culture and organizational accountability that social media is enabling and amplifying, companies need to incorporate integrity into every level of the organization. CONVERGE18 will help you do just that by addressing this ethical transformation head-on. Get the insights, information and solutions you need to put ethics into action. Join compliance executives from Salesforce, Kimberly Clark, Avis, U.S. Bank, AARP, Wells Fargo, Cheesecake Factory and many others to:

  • Network with 300 of your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Gain insights from 35 speakers including Ethics and Compliance advocate Hui Chen, ECI’s CEO Pat Harned, NBA’s Deputy Chief Compliance Officer Steph Vogel, President at OCEG Carole Switzer and more.
  • Bring actionable takeaways back to your program from various session types including 2 keynotes, 5 general sessions, 12 discussion-based roundtables, 18 interactive breakout sessions for you to listen, learn and share.
  • The goal of CONVERGE18 is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to readers of this blog, CONVERGE18 is offering a 50% discount off the registration price. Enter discount code TOMFOXVIP.

CONVERGE18 is a production of Convercent, which is the sponsor of this podcast series.